Commit a01f6cdc authored by Kostas Papadimitriou's avatar Kostas Papadimitriou
Browse files

astakos: Store arbitrary shibboleth headers

additionally to common shibboleth headers, append any arbitrary shibboleth
headers (SHIB_*) set from the IdP.
parent 16b9f5a7
......@@ -76,7 +76,8 @@ class ShibbolethTests(TestCase):
client.set_tokens(mail="kpap@synnefo.org", eppn="kpapeppn",
cn="Kostas Papadimitriou",
ep_affiliation="Test Affiliation")
r = client.get(ui_url('login/shibboleth?'), follow=True)
r = client.get(ui_url('login/shibboleth?'), follow=True,
**{'HTTP_SHIB_CUSTOM_IDP_KEY': 'test'})
token = PendingThirdPartyUser.objects.get().token
self.assertRedirects(r, ui_url('signup?third_party_token=%s' % token))
self.assertEqual(r.status_code, 200)
......@@ -128,6 +129,11 @@ class ShibbolethTests(TestCase):
self.assertEqual(AstakosUserAuthProvider.objects.count(), 1)
self.assertEqual(PendingThirdPartyUser.objects.count(), 0)
user = AstakosUser.objects.get()
provider = user.get_auth_provider("shibboleth")
headers = provider.provider_details['info']['headers']
self.assertEqual(headers.get('SHIB_CUSTOM_IDP_KEY'), 'test')
# provider info stored
provider = AstakosUserAuthProvider.objects.get(module="shibboleth")
self.assertEqual(provider.affiliation, 'Test Affiliation')
......@@ -238,6 +244,8 @@ class ShibbolethTests(TestCase):
self.assertTrue(r.context['request'].user.email == "kpap@synnefo.org")
self.assertRedirects(r, ui_url('landing'))
self.assertEqual(r.status_code, 200)
user = r.context['request'].user
client.logout()
client.reset_tokens()
......
......@@ -84,6 +84,11 @@ def login(
shibboleth_headers[token] = request.META.get(getattr(Tokens,
token),
'NOT_SET')
# also include arbitrary shibboleth headers
for key in request.META.keys():
if key.startswith('HTTP_SHIB_'):
shibboleth_headers[key.replace('HTTP_', '')] = \
request.META.get(key)
# log shibboleth headers
# TODO: info -> debug
......
Markdown is supported
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment